Course Overview

Securing Cisco® Networks with Snort Rule Writing Best Practices (SSFRULES) is an instructor-led, lab-based, hands-on course offered by Cisco Learning Services. This course is part of a portfolio of security courses designed to help businesses support and maintain their Snort-based systems.

This lab-intensive course introduces you to Snort rule writing. Among other powerful features, you will become familiar with:

Snort rule development

Snort rule language

Standard and advanced rule options

OpenAppID

Tuning

The course begins by identifying the key features and characteristics of a typical Snort rule development environment. You will develop and test custom rules in a preinstalled Snort environment and identify how to use advanced rule-writing techniques. You will investigate how to include OpenAppID in your rules and also identify how to filter rules and monitor their performance.

This course combines lecture materials and hands-on labs that give you practice in creating Snort rules.

CLASS INFORMATION

Price: $3,000

Duration: 3 days

Version: 2

Learning Credits: 30

What You'll Learn

After completing this course, you should be able to:

Describe the Snort rule development process

Describe the Snort basic rule syntax and usage

Describe how traffic is processed by Snort

Describe several advanced rule options used by Snort

Describe OpenAppID features and functionality

Describe how to monitor the performance of Snort and how to tune rules

Outline

Module 1: Introduction to Snort Rule Development

Module 2: Snort Rule Syntax and Usage

Module 3: Traffic Flow Through Snort Rules

Module 4: Advanced Rule Options

Module 5: OpenAppID Detection

Module 6: Tuning Snort

Labs

Lab 1: Connecting to the Lab Environment

Lab 2: Introducing Snort Rule Development

Lab 3: Basic Rule Syntax and Usage

Lab 4: Advanced Rule Options

Lab 5: OpenAppID

Lab 6: Tuning Snort

Prerequisites

Basic understanding of networking and network protocols

Basic knowledge of Linux command-line utilities

Basic knowledge of text editing utilities commonly found in Linux

Basic knowledge of network security concepts

Basic knowledge of a Snort-based IDS/IPS system

Who Should Attend

This course is designed for technical professionals who need to know how to deploy Open Source Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS), as well as write Snort rules.